Andreas Steffen, 3.10.2011, 2-Cryptology.pptx 1
Internet Security 1 (IntSi1)
Prof. Dr. Andreas Steffen
Institute for Internet Technologies and Applications (ITA)
2 Introduction to Cryptology
What is Cryptology?
Cryptology is a branch of mathematics!!
Cryptology
• Cryptography: „Art and science of keeping messages secure“
• Cryptanalysis: „Art and science of breaking ciphertext“
Cryptography – Basic Terminology
Cipher with key K
• Encryption: E_K(P) = C
• Decryption: D_K(C) = P
• plaintext P: we attack at dawn
• ciphertext C: sorqjzplvnwkghanqd
Cryptanalysis – Fundamental Assumptions
• Attacker knows every detail of the cryptographic algorithm
• Attacker is in possession of encryption / decryption equipment (HW machine or SW implementation)
• Attacker has access to an arbitrary number of plaintext / ciphertext pairs generated with the same (unknown) key.
• Strong cipher: Best attack should be brute force key search!
The security of a cipher should rely on the secrecy of the key only!
Auguste Kerckhoffs, „La Cryptographie militaire“, 1883
Cryptanalysis – Types of Attacks
• Ciphertext-Only Attack
  • Attacker knows ciphertext of several messages encrypted with the same key and/or several keys
  • Recover the plaintext of as many messages as possible or even better deduce the key (or keys)
• Known-Plaintext Attack
  • Known ciphertext / plaintext pair of several messages
  • Deduce the key or an algorithm to decrypt further messages
• Chosen-Plaintext Attack
  • Attacker can choose the plaintext that gets encrypted thereby potentially getting more information about the key
• Adaptive Chosen-Plaintext Attack
  • Attacker can choose a series of plaintexts, basing the choice on the result of previous encryption → differential cryptanalysis!
How to construct a Secure Cipher?
[Figures: World War II German Enigma Machine; Thomas Jefferson’s Cipher Wheel; bit stream 1 0 1 0 0 1 1 1 0 1 ...]
Claude Shannon 1916 - 2001
The Father of Information Theory
• Information Theory
  • Worked at MIT / Bell Labs
  • „The Mathematical Theory of Communication“ (1948)
  • Maximum capacity of a noisy transmission channel
  • Definition of the „binary digit“ (bit) as a unit of information
  • Definition of „entropy“ as a measure of information
• Cryptography
  • Model of a secrecy system
  • Definition of perfect secrecy
  • Basic principles of „confusion“ and „diffusion“
2.1 Basic Cryptographic Principles
Mary Stuart 1516 - 1558
Famous Victim of Successful Cryptanalysis
[Portraits: Mary Stuart, Queen of Scotland; Elizabeth I, Queen of England]
History of Cryptography - Literature
• History of Cryptography
  • David Kahn, "The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet", 1181 pages, 1996, Scribner Book Company, ISBN 0-684-83130-9
• The Code Book
  • Simon Singh, "The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography", 402 pages, 2000, Fourth Estate, ISBN 1-857-02889-9
Shannon’s Principle of Confusion
Caesar Monoalphabetic Substitution Cipher
Substitution Table - Caesar’s Cipher (key = 3 cyclic shifts)
ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFGHIJKLMNOPQRSTUVWXYZABC
MESSAGE FROM MARY STUART KILL THE QUEEN
PHVVD JHIUR PPDUB VWXDU WNLOO WKHTX HHQ
General Substitution Table (26! possible keys)
ABCDEFGHIJKLMNOPQRSTUVWXYZ
EYUOBMDXVTHIJPRCNAKQLSGZFW
JBKKE DBMAR JJEAF KQLEA QHVII QXBNL BBP
Shannon’s Principle of Confusion
Vigenère Polyalphabetic Substitution Cipher
Keyword: WHITE
MESSAGE FROM ...
WHITEWH ITEW
ILALECL NKSI
Vigenère square
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z   plaintext alphabet
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
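Added example (not part of the original lecture slides): the Caesar and general substitution ciphers from the previous slide and the Vigenère cipher from this one, written so that they reproduce the ciphertexts shown. All function names are assumptions made for this sketch.

```python
import string

ALPHABET = string.ascii_uppercase
MESSAGE = "MESSAGE FROM MARY STUART KILL THE QUEEN"   # plaintext from the slides
GENERAL_TABLE = "EYUOBMDXVTHIJPRCNAKQLSGZFW"           # table from the slides

def letters(text):
    """Keep A-Z only, as the slides do before grouping into blocks of five."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)

def group5(text):
    return " ".join(text[i:i + 5] for i in range(0, len(text), 5))

def caesar_table(shift):
    """Caesar is the special case where the table is a cyclic shift."""
    shift %= 26
    return ALPHABET[shift:] + ALPHABET[:shift]

def substitute(plaintext, table):
    """Monoalphabetic: one fixed table is applied at every position."""
    if sorted(table) != list(ALPHABET):
        raise ValueError("table must be a permutation of A-Z")
    return letters(plaintext).translate(str.maketrans(ALPHABET, table))

def vigenere(text, keyword, decrypt=False):
    """Polyalphabetic: each keyword letter selects one row of the square."""
    key = letters(keyword)
    if not key:
        raise ValueError("keyword must contain at least one letter")
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(letters(text)):
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) + sign * shift) % 26])
    return "".join(out)

if __name__ == "__main__":
    print(group5(substitute(MESSAGE, caesar_table(3))))
    print(group5(substitute(MESSAGE, GENERAL_TABLE)))
    print(group5(vigenere(MESSAGE, "WHITE")))
    # The double S in MESSAGE stays a double letter under both monoalphabetic
    # tables but becomes two different letters under the keyword WHITE.
```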
Shannon’s Principle of Diffusion
Transposition Cipher
Diffusion means permutation of bit or byte positions!
Plaintext in:
MESSAGE FROM MARY STUART KILL THE QUEEN
Key = 9 columns:
1 2 3 4 5 6 7 8 9
M E S S A G E F R
O M M A R Y S T U
A R T K I L L T H
E Q U E E N
Ciphertext out:
MOAEE MRQSM TUSAK EARIE GYLNE SLFTT RUH
Extended key: order of columns, 9! = 362'880 keys
4 9 1 7 5 3 2 8 6
Ciphertext out:
SMTUE SLGYL NMOAE ARIER UHSAK EFTTE MRQ
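Added example (not part of the original lecture slides): the columnar transposition shown above, with decryption that handles the incomplete last row of the grid. Function names are assumptions made for this sketch; the key and message are the ones on the slide.

```python
MESSAGE = "MESSAGE FROM MARY STUART KILL THE QUEEN"
SIMPLE_KEY = (1, 2, 3, 4, 5, 6, 7, 8, 9)      # Key = 9 columns
EXTENDED_KEY = (4, 9, 1, 7, 5, 3, 2, 8, 6)    # order of columns

def letters(text):
    return "".join(ch for ch in text.upper() if ch.isalpha())

def group5(text):
    return " ".join(text[i:i + 5] for i in range(0, len(text), 5))

def read_order(key):
    """Column indices in the order they are read out: label 1 first."""
    if sorted(key) != list(range(1, len(key) + 1)):
        raise ValueError("key must be a permutation of 1..n")
    return sorted(range(len(key)), key=lambda col: key[col])

def encrypt(plaintext, key):
    text, n = letters(plaintext), len(key)
    # Written row by row, column c holds text[c], text[c + n], ...
    return "".join(text[col::n] for col in read_order(key))

def decrypt(ciphertext, key):
    text, n = letters(ciphertext), len(key)
    full_rows, extra = divmod(len(text), n)
    plain = [""] * len(text)
    pos = 0
    for col in read_order(key):
        # Incomplete last row: only the first `extra` columns are one longer.
        height = full_rows + (1 if col < extra else 0)
        plain[col::n] = text[pos:pos + height]
        pos += height
    return "".join(plain)

if __name__ == "__main__":
    ct = encrypt(MESSAGE, EXTENDED_KEY)
    print(group5(ct))
    print(decrypt(ct, EXTENDED_KEY))
    # Pure diffusion: positions move, letters do not change, so the letter
    # frequencies of the plaintext survive in the ciphertext.
    print(sorted(ct) == sorted(letters(MESSAGE)))
```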
Data Encryption Standard (DES)
Rounds of Confusion and Diffusion
[Figure: Plaintext Block (64 bits) → Initial Permutation → Round 1 → Round 2 → ... → Round 16 → Reverse Permutation → Ciphertext Block (64 bits); Key (64 bits) → Strip Parity (56 bits)]
One Round of DES
[Figure: Feistel Network with Expansion Permutation, S-Box Substitution and P-Box Permutation on the data path (L_i-1, R_i-1 → L_i, R_i) and Shift and Compression Permutation on the key path (Key_i-1 → Key_i); labelled widths of 32, 48 and 56 bits]
2.2 Plaintext and Key Entropy
Most Cryptanalytic Attacks Are Based on the Redundancy of Natural Language Texts
Frequency table of 200 English letters
• high frequency group: E 26, T 18, A 16, O 16, N 14, I 13, R 13, S 12, H 12
• medium frequency group: D 8, L 7, U 6, C 6, M 6
• low frequency group: P 4, F 4, Y 4, W 3, G 3, B 3, V 2
• rare group: J 1, K 1, X 1, Q ½, Z ½
Georges Perec, „La disparition“, 1969
Book of 280 pages without a single letter e
...Anton Voyl n'arrivait pas à dormir. Il alluma. Son Jaz marquait minuit vingt. Il poussa un profond soupir, s'assit dans son lit, s'appuyant sur son polochon. Il prit un roman, il l'ouvrit, il lut ; mais il n'y saisit qu'un imbroglio confus, il butait à tout instant sur un mot dont il ignorait la signification. Il abandonna son roman sur son lit. Il alla à son lavabo ; il mouilla un gant qu'il passa sur son front, sur son cou. Son pouls battait trop fort. Il avait chaud...
Excerpt from „La disparition“ © Editions Denöel
Entropy of the English Language
• Single character statistics
  • Entropy H = 4 bits / character
• Written English taking into account the full context
  • Shannon (1950): Entropy H = 0.6 ... 1.3 bits / character
  • Simulations (1999): Entropy H = 1.1 bits / character
• What about the entropy of C source code?
    for (c = 0; c < 256; c++) {
        i2 = (key_data_ptr[i1] + state[c] + i2) % 256;
        swap_byte(&state[c], &state[i2]);
        i1 = (i1 + 1) % key_data_len;
    }
• Compression before encryption increases security
  • Good data compression algorithms (e.g. Lempel-Ziv) remove all redundancy and come very close to the entropy of the plaintext.
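Added example (not part of the original lecture slides): the frequency table of 200 English letters used in code, first to compute the single-character entropy quoted above and then to rank all 26 Caesar keys for the ciphertext from the Caesar slide. Function names and the scoring rule (sum of table counts) are assumptions made for this sketch.

```python
import math

# Counts per 200 letters, copied from the frequency table slide.
FREQ_200 = {
    "E": 26, "T": 18, "A": 16, "O": 16, "N": 14, "I": 13, "R": 13, "S": 12,
    "H": 12, "D": 8, "L": 7, "U": 6, "C": 6, "M": 6, "P": 4, "F": 4, "Y": 4,
    "W": 3, "G": 3, "B": 3, "V": 2, "J": 1, "K": 1, "X": 1, "Q": 0.5, "Z": 0.5,
}
CAESAR_CIPHERTEXT = "PHVVD JHIUR PPDUB VWXDU WNLOO WKHTX HHQ"   # from the slide

def single_letter_entropy(counts):
    """H = -sum p * log2(p) over the letter probabilities, in bits per character."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def shift_back(ciphertext, key):
    return "".join(chr((ord(ch) - 65 - key) % 26 + 65)
                   for ch in ciphertext.upper() if ch.isalpha())

def rank_caesar_keys(ciphertext, counts=FREQ_200):
    """Try every key; score each candidate plaintext by how English-like it is."""
    scored = []
    for key in range(26):
        candidate = shift_back(ciphertext, key)
        score = sum(counts[ch] for ch in candidate)
        scored.append((score, key, candidate))
    return sorted(scored, reverse=True)

if __name__ == "__main__":
    print(f"uniform alphabet : {math.log2(26):.2f} bits/character")
    print(f"frequency table  : {single_letter_entropy(FREQ_200):.2f} bits/character")
    for score, key, candidate in rank_caesar_keys(CAESAR_CIPHERTEXT)[:3]:
        print(f"key={key:2d} score={score:6.1f} {candidate}")
```

The gap between the best and second-best score comes entirely from the redundancy of the plaintext; a cipher that leaves letter statistics intact gives that information away with only 33 letters of ciphertext.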
Random Passwords with 128 Bits of Entropy
• Digits (0..9): 39 digits, 3.3 bits/digit
  • 39475 10485 98021 43380 05872 49759 70291 2634
• Hexadecimal (0..F): 32 nibbles, 4 bits/nibble
  • 3F8A 84D1 EA7B 5092 C64F 8EA6 73BD F01B
• Alphabet (A..Z): 28 characters, 4.7 bits/character
  • AWORH GHJBP IUCMX MLZFQ TZDOP ZJV
• Alphabet & Digits (A..Z, 0..9): 25 symbols, 5.2 bits/symbol
  • E5RGL UPQ7A 8F3ZP NWTIC 22JBM
• Base64 (A..Z, a..z, 0..9, /, +): 22 symbols, 6 bits/symbol
  • y5GNa Riq92 VCm4Q 1BOKl x0
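Added example (not part of the original lecture slides): how the symbol counts above follow from the alphabet size, how to draw such a password from a cryptographic random source, and how long a password must be when each character carries only the 1.1 bits quoted for written English. Function names are assumptions made for this sketch.

```python
import math
import secrets
import string

ALPHABETS = {
    "digits": string.digits,
    "hex": "0123456789ABCDEF",
    "A-Z": string.ascii_uppercase,
    "A-Z0-9": string.ascii_uppercase + string.digits,
    "base64": string.ascii_letters + string.digits + "/+",
}

def symbols_needed(alphabet, bits=128):
    """Smallest n with |alphabet|**n >= 2**bits (exact integer arithmetic)."""
    size = len(set(alphabet))
    if size < 2:
        raise ValueError("alphabet needs at least two distinct symbols")
    n = 1
    while size ** n < 2 ** bits:
        n += 1
    return n

def random_password(alphabet, bits=128):
    """Each symbol is drawn uniformly from the OS CSPRNG via `secrets`.

    The entropy figure only holds for uniform, independent symbols; a
    general-purpose PRNG such as `random` is not suitable here.
    """
    length = symbols_needed(alphabet, bits)
    return "".join(secrets.choice(alphabet) for _ in range(length))

def length_for_rate(bits, bits_per_symbol):
    """Length needed when symbols are not uniform, e.g. natural-language text."""
    return math.ceil(bits / bits_per_symbol)

if __name__ == "__main__":
    for name, alphabet in ALPHABETS.items():
        per_symbol = math.log2(len(alphabet))
        print(f"{name:7s} {per_symbol:.1f} bits/symbol "
              f"{symbols_needed(alphabet):3d} symbols  {random_password(alphabet)}")
    # A password made of ordinary English text at 1.1 bits/character:
    print(length_for_rate(128, 1.1), "characters of English for 128 bits")
```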
Shannon’s Definition of Perfect Secrecy
The One-Time Pad
m bits of plaintext P with entropy H(P)
Compression Algorithm C(P) = Z
H(P) k m bits of compressed plaintext Z
One-Time Pad: k bits of random key K
k bits of ciphertext C
1 0 0 1 1 0 1 0 1 0
0 1 1 1 0 1 1 0 1 1
1 1 0 1 0 0 0 1 1 1
use random key sequence only once and then discard it!
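Added example (not part of the original lecture slides): compress-then-pad as drawn above, with a pad object that hands out each key byte once and wipes it, plus a check of what leaks when the same key sequence is used twice. The class and function names, and the use of zlib as the compression algorithm, are assumptions made for this sketch.

```python
import secrets
import zlib

def xor(a, b):
    if len(a) != len(b):
        raise ValueError("one-time pad needs exactly as many key bytes as data bytes")
    return bytes(x ^ y for x, y in zip(a, b))

class Pad:
    """Shared random key material that is consumed front to back, never reused."""
    def __init__(self, key):
        self._key = bytearray(key)
        self._pos = 0

    def take(self, n):
        if self._pos + n > len(self._key):
            raise RuntimeError("pad exhausted: new key material must be distributed")
        chunk = bytes(self._key[self._pos:self._pos + n])
        self._key[self._pos:self._pos + n] = bytes(n)   # discard after use
        self._pos += n
        return chunk

def encrypt(plaintext, pad):
    z = zlib.compress(plaintext)            # C(P) = Z
    return xor(z, pad.take(len(z)))         # ciphertext = Z xor K

def decrypt(ciphertext, pad):
    return zlib.decompress(xor(ciphertext, pad.take(len(ciphertext))))

def reuse_leak(p1, p2, key):
    """XOR of two ciphertexts made with the SAME key: the key cancels out."""
    return xor(xor(p1, key), xor(p2, key))

if __name__ == "__main__":
    shared = secrets.token_bytes(256)       # distributed over a secure channel
    sender, receiver = Pad(shared), Pad(shared)
    c = encrypt(b"MESSAGE FROM MARY STUART KILL THE QUEEN", sender)
    print(decrypt(c, receiver))
    p1, p2 = b"ATTACK AT DAWN", b"RETREAT AT TEN"      # constructed samples
    print(reuse_leak(p1, p2, secrets.token_bytes(len(p1))) == xor(p1, p2))
```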
Shannon’s Model of a Secrecy System
Symmetric or Secret-Key Cryptosystems
• Same key used for encryption and decryption
• Key must be kept absolutely secret
• Same key can be used for several messages, but should be changed periodically → secure key distribution problem!
[Figure: plaintext P → Encryption E_K(P) = C → ciphertext C over open channel → Decryption D_K(C) = P → plaintext P; key K on both sides; distribution of secret-key over secure channel]